Why Sanchar Saathi mandate sparked privacy, surveillance concerns

The Centre's recent directive requiring all smartphone manufacturers to pre-install the Sanchar Saathi app triggered a sharp debate on privacy, digital security and surveillance. In a conversation with The Federal last evening, digital rights activist Nikhil Pahwa and CPI(M) MP John Brittas cautioned that the move risked exposing citizens to hacking and government overreach, despite official claims that the app merely checked International Mobile Equipment Identity (IMEI) numbers.

Note that the Centre today (December 3) rolled back its order amid the Opposition’s ‘snooping’ charge inside and outside Parliament. The Ministry of Communications announced the decision in a release titled “Government removes mandatory pre-installation of Sanchar Saathi App.”

Talking with The Federal, Pahwa explained that while every handset carries a unique IMEI number, forcing an app onto all devices creates new vulnerabilities and surveillance risks. Brittas argued that the directive reflects a deeper pattern of eroding privacy and bypassing democratic oversight.

Both speakers warned that the mandatory nature of the app contradicted the government’s claims that it was voluntary and uninstallable.

IMEI or more?

Pahwa noted that an IMEI is a stable identifier used mainly to track stolen devices, and pointed out that Sanchar Saathi appears to extend beyond simple IMEI detection. He questioned the need for universal installation and asked why every single IMEI needs to be detected and why the app must be forced onto every device.

Pahwa added that by concentrating the tool across all phones, the risk is magnified: if a hacker infiltrates the app once, millions of devices could be compromised.

He warned that the app’s access to call records and device files turns it into an intrusive surveillance instrument, especially given that many apps store data unencrypted on devices and that on-device data — unlike messages in transit — can be accessed when a vulnerability is exploited.

Surveillance fears

Responding to the government’s cybersecurity rationale, Brittas expressed scepticism and argued that the stated aim of “empowering people” does not align with the policy’s effects.

He recalled his involvement with the Pegasus matter in the Supreme Court and noted that the government failed to cooperate with the court-appointed committee; he also pointed to earlier instances where state agencies were reported to have accessed devices.

Pahwa dismissed the Union Communication Minister’s public assurance that the app is optional and argued that the directive itself contradicts that claim.

He highlighted that the text of the directive required the app to be made visible on devices and placed restrictions on disabling its functionality.

SIM connections

Pahwa further explained that SIM-binding measures deepen vulnerabilities by tying online accounts to SIM cards, allowing accounts to be validated on another device if a SIM is moved, and that such policies were introduced without public consultation.

He argued that the Department of Telecommunications has shown an inadequate understanding of how the internet works and suggests that these responsibilities should be left to the Ministry of Electronics and IT.

Pahwa located the mandate within a wider regulatory gap, adding that the government has exempted itself from the Digital Personal Data Protection Act and therefore remains largely outside the protections the law would otherwise offer. He described a long-term pattern of linking citizens’ data across Aadhaar, birth certificates, school records and welfare services, building what is characterised as a 360-degree citizen surveillance architecture.

Oversight bypassed

Brittas criticised the decision to send the directive directly to manufacturers without parliamentary briefing or public disclosure, arguing that the government had a duty to inform Parliament or at least brief the parliamentary standing committee.

National security is repeatedly invoked to justify opacity and to shield policy choices from scrutiny, he said. He also cited the recent transfer of government email services from NIC to a private provider without sufficient transparency as an example of eroding institutional trust.

Brittas urged civil society to mobilise against measures that erode privacy and dignity, framing the directive as part of a broader trend toward constant monitoring and reduced civic space. Both speakers asserted that without surveillance reform, meaningful oversight and genuine public consultation, such directives will continue to chip away at citizens’ digital rights.

The content above has been transcribed from video using a fine-tuned AI model. To ensure accuracy, quality and editorial integrity, we employ a Human-In-The-Loop (HITL) process. While AI assists in creating the initial draft, our experienced editorial team carefully reviews, edits and refines the content before publication. At The Federal, we combine the efficiency of AI with the expertise of human editors to deliver reliable and insightful journalism.